CVE-2026-42096
Status: Analyzed - Analysis Complete
Broken Access Control in Sparx Pro Cloud Server

Publication date: 2026-05-19

Last updated on: 2026-06-02

Assigner: CERT.PL

Description
Sparx Pro Cloud Server is vulnerable to Broken Access Control in its communication with the database. Due to a lack of permission checks, any low-privileged user can run arbitrary SQL queries in the context of the database user. The vendor was notified early about this vulnerability but did not respond with details of the vulnerability or the vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable.
Meta Information
Generated: 2026-06-10
AI Q&A: 2026-05-19
EPSS Evaluated: 2026-06-08
Affected Vendors & Products (1 associated CPE)
Vendor        Product           Version / Range
sparxsystems  pro_cloud_server  up to and including 6.1.167
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
AI Quick Actions (insights generated by AI)
Executive Summary

The vulnerability in Sparx Pro Cloud Server is a Broken Access Control issue in the server's communication with the database. Because the server lacks proper permission checks, any low-privileged user can execute arbitrary SQL queries in the context of the database user.

Compliance Impact

The vulnerability in Sparx Pro Cloud Server allows low-privileged users to run arbitrary SQL queries due to broken access control, which can lead to unauthorized access to or manipulation of sensitive data.

Such unauthorized database access can compromise the confidentiality and integrity of personal or sensitive information, potentially violating compliance requirements under standards like GDPR and HIPAA that mandate strict access controls and data protection measures.

Impact Analysis

This vulnerability allows low-privileged users to run arbitrary SQL queries against the database, which can lead to unauthorized data access, modification, or deletion. This can compromise the integrity, confidentiality, and availability of the database and potentially of the entire system.

Mitigation Strategies

The vulnerability affects Sparx Pro Cloud Server version 6.1 (build 167) and below. Since the vendor has not provided details about the vulnerable version range or patches, the immediate mitigation step is to avoid using these confirmed vulnerable versions.

  • Upgrade to a version above 6.1 (build 167) if one is available and confirmed safe.
  • Restrict low-privileged user access to the Pro Cloud Server to prevent arbitrary SQL query execution.
  • Monitor and limit the database user's query permissions to reduce the impact of potential exploitation.